CVE-2024-29218

8.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds write vulnerability in Keyence KV STUDIO, KV REPLAY VIEWER, and VT5-WX15/WX12 industrial software. Attackers can exploit it by tricking users into opening malicious files, potentially leading to information disclosure or remote code execution. Users of these industrial automation software products are affected.

💻 Affected Systems

Products:
  • KV STUDIO
  • KV REPLAY VIEWER
  • VT5-WX15
  • VT5-WX12
Versions: KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, VT5-WX15/WX12 Ver.6.02 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: These are industrial automation software products used for PLC programming and HMI configuration. Exploitation requires user interaction to open malicious files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to industrial process disruption, data theft, or lateral movement within industrial networks.

🟠 Likely Case

Local privilege escalation or arbitrary code execution in the context of the user opening the malicious file, potentially leading to data exfiltration or further system compromise.

🟢 If Mitigated

Limited impact if proper file validation and user awareness controls prevent malicious files from being opened, though the vulnerability remains present.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to get users to open malicious files. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: KV STUDIO Ver.11.65 or later, KV REPLAY VIEWER Ver.2.65 or later, VT5-WX15/WX12 Ver.6.03 or later

Vendor Advisory: https://www.keyence.com/kv_vulnerability240924_en

Restart Required: Yes

Instructions:

1. Download the latest version from Keyence's official website.
2. Uninstall the vulnerable version.
3. Install the patched version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict file opening (Windows)

Implement policies to prevent users from opening untrusted files with the affected software.

User awareness training (all platforms)

Train users to only open files from trusted sources and verify file integrity.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized files
  • Use network segmentation to isolate affected systems from critical networks

🔍 How to Verify

Check if Vulnerable:

Check the software version in the application's About or Help menu and compare against affected versions

Check Version:

Check via Windows Control Panel > Programs and Features or the application's About dialog

Verify Fix Applied:

Verify the installed version is KV STUDIO Ver.11.65+, KV REPLAY VIEWER Ver.2.65+, or VT5-WX15/WX12 Ver.6.03+
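
The version check above can be scripted across engineering workstations. The following is an added example, not vendor code: it reads the registry keys behind Programs and Features and compares what it finds with the fixed versions listed in this advisory. The function name Get-KeyenceCveStatus, the DisplayName matching and the DisplayVersion format are assumptions, and the sample inventory is constructed.

```powershell
# Minimum fixed versions, taken from the "Official Fix" section of this advisory.
$FixedVersions = [ordered]@{
    'KV STUDIO'        = [version]'11.65'
    'KV REPLAY VIEWER' = [version]'2.65'
    'VT5-WX15'         = [version]'6.03'
    'VT5-WX12'         = [version]'6.03'
}

# Registry locations that back Programs and Features (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: classifies each matching install as VULNERABLE, FIXED or UNKNOWN.
function Get-KeyenceCveStatus {
    param(
        # Objects carrying DisplayName / DisplayVersion; defaults to the local registry.
        [object[]]$Installed = (Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue)
    )
    foreach ($app in $Installed) {
        if (-not $app.DisplayName) { continue }
        foreach ($product in $FixedVersions.Keys) {
            # ASSUMPTION: DisplayName contains the product name as written in the advisory.
            if ($app.DisplayName -notlike "*$product*") { continue }
            # Unparseable versions are reported, not silently treated as fixed.
            $status = 'UNKNOWN (check the About dialog)'
            # ASSUMPTION: DisplayVersion carries major.minor, e.g. "11.64" or "Ver.11.64".
            if ("$($app.DisplayVersion)" -match '(\d+)\.(\d+)') {
                $found  = [version]"$($Matches[1]).$($Matches[2])"
                $status = if ($found -lt $FixedVersions[$product]) { 'VULNERABLE' } else { 'FIXED' }
            }
            [pscustomobject]@{
                Product   = $product
                Installed = $app.DisplayVersion
                FixedIn   = $FixedVersions[$product].ToString()
                Status    = $status
            }
            break   # one advisory product per registry entry
        }
    }
}

# Constructed sample inventory (not real data) to exercise the logic off-box.
$sample = @(
    [pscustomobject]@{ DisplayName = 'KV STUDIO';        DisplayVersion = '11.64' }
    [pscustomobject]@{ DisplayName = 'KV REPLAY VIEWER'; DisplayVersion = 'Ver.2.65' }
    [pscustomobject]@{ DisplayName = 'VT5-WX15';         DisplayVersion = '' }
)
Get-KeyenceCveStatus -Installed $sample | Format-Table -AutoSize
Get-KeyenceCveStatus | Format-Table -AutoSize   # same check against the local machine
```

An empty result from the local check means no matching registry entry was found, not that the host is unaffected; confirm against the application's About dialog.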

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of KV STUDIO, KV REPLAY VIEWER, or VT5 applications
  • Suspicious file access patterns to the affected applications

Network Indicators:

  • Unusual outbound connections from systems running the affected software
  • File transfers to/from systems with the vulnerable software

SIEM Query:

Process creation events where parent process is KV STUDIO, KV REPLAY VIEWER, or VT5 applications with suspicious command line arguments
